Cross-site Scripting Vulnerability in NotFound Network-Favorites Plugin
CVE-2025-23737

7.1HIGH

Key Information:

Vendor: WordPress
Status: Network-favorites
Vendor: CVE Published:; 24 January 2025

Summary

A reflected Cross-site Scripting (XSS) vulnerability exists in the NotFound Network-Favorites plugin, affecting versions from n/a up to 1.1. This vulnerability enables attackers to inject malicious scripts into web pages generated by the plugin, which could lead to unauthorized data access or manipulation when users interact with affected pages. It is essential for users and administrators of the Network-Favorites plugin to implement security measures and updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

Network-Favorites <= 1.1

References

https://patchstack.com/database/wordpress/plugin/network-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)